WingNews logo WingNews GitHub [2]

bwackwat's comments

bwackwat | 9 years ago | on: What Are Some Examples of Well-Written C# Code?

It was remarkable to me that I could not think of a good example for you. Apparently I myself to not have any good C# to share even though I have worked with the language a lot.

Anyways, I suggest you use Visual Studio, use the code formatter, and stick to common good programming practices such as: using proper accessors (public, private, protected), don't duplicate code, name variables with style, document things that you think you'll be curious about later, and use git to keep track of your code.

bwackwat | 9 years ago | on: Ask HN: How are you doing S2S authentication?

I have been using symmetrically encrypted TCP servers and clients, which I have been developing in a C++ library.

I believe the standard is basically TLS 1.2 asymmetric encryption and then token-based authentication via username/password mechanisms. For example, most databases are securely accessible via external services using TLS.

Key distribution in my case (symmetric encryption,) is trivial, but securing or replacing those keys is non-trivial and I have yet to solve this problem.

Nonetheless, securing private or even public TLS keys is a seriously difficult problem as well.

bwackwat | 9 years ago | on: How Do You Name Your Servers

This is a hilariously difficult question, and I think stuff4ben provided a great answer.

I'm going to start naming my web servers:

web-server-load-balancer

web-server-1

web-server-2

web-server-3

bwackwat | 9 years ago | on: Ask HN: Is openssl enc a good choice for file encryption?

Ok so I guess the resulting lesson from Canada for me is that having a HASH or MAC for encrypted files is the most critical part of any secure system OP is interested in.

Furthermore, Canada, what about privately managed machines communicating via TCP and AES 256 CBC symmetrically encrypted messages? I also use a random salt and a transaction number.

Until now, I was thinking that successfully decrypted data would be safe. Is the case for TCP encrypted data the same? I need to have a MAC for each message and verify that between ACK's or something?

EDIT: Did some research: https://en.wikipedia.org/wiki/Authenticated_encryption

It looks like incorporating a MAC within or alongside the encrypted data is not as insecure or as complex as I was afraid.

Can both my TCP encryption and OP's file encryption problem by solved by just appending a HASH of the encrypted data to the end of the encrypted data (EtM), or appending a HASH of the plaintext data to the end of the plaintext data and then encrypting that (MtE)?

bwackwat | 9 years ago | on: Ask HN: Is openssl enc a good choice for file encryption?

I agree that using the command line for this type of problem is going to be problematic.

I also see clearly how hashing the encrypted data before "storing it at this 3rd party" would allow you to verify CBC block modifications.

I guess I don't understand GPG well enough to see how it solves this problem better than AES CBC 256. Could you perchance provide a link? Or explain how GPG would take care of this?

bwackwat | 9 years ago | on: Ask HN: Is openssl enc a good choice for file encryption?

Use AES 256 bit encryption. It looks like you found some openssl command line tools to do this, which appears fine. (I can't speak on the details of that particular tool.) Depending on your technology stack, there are probably a number of tools which can programmatically encrypt and decrypt files.

For example, I use CryptoPP for AES 256 bit encryption in C++.

page 1
more